Anti Spyware idea

[Julius Ramos]

Ive been working for this for a month but i stop it because of some limatation of autoit. but if you like to continue this i woul like to share some idea.

1. traversing registry is more difficult and slow. why you traverse regitry?. its more easy to macth a registry.

create a database of registry then check if this registry is exist then delete.

2. for file. donot scan all files. you must have an option.

Option : FullScan -> this will more slower. scan all files

QuickScan -> faster. because you only macth file found inyour database.

3. for file in process. there is some limitation of autoit for process that has a watchdog. can not close the two process.

sample database.

SPYWARENAME...REGIRTY...key:::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents...IMAIL

SPYWARENAME...FILE...rootdir:::Test...124ADHNR4123213213

you can use MD5 for matching the file. Auto it has no support for MD5 use third party tool. also you can use what ever you like to separate your entry.

Goodluck..

julius

[markloman]

Check out Hitman Pro at www.hitmanpro.com. Completely written in AutoIt using the latest AutoIt beta!

[Bert]

The site is in Dutch...Still ...It is good stuff!

[autosc]

i am interested in this. i use bartpe at work...and spyware/viruses are alot easier to deal with when you remove its files, then you only need to deal with the registry stuff (which theres also tools in bartpe...and then stuff in windows afterward)

maybe something like this....i dont think this is completely right...but its a start

expandcollapse popup

#include <GuiConstants.au3>
#Include <process.au3>

$tempfile1 = "C:\Spyware_Finder_Temp1.txt"
$tempfile2 = "C:\Spyware_Finder_Temp2.txt"
$tempfile3 = "C:\Spyware_Finder_Results.txt"

Dim $line1 = 1
Dim $line2 = 1

SplashTextOn ( "Scanning", "Scanning Files")
_RunDOS("DIR c:\ /s /b > " & $tempfile1)
SplashOff ()
MsgBox(0, "", "Click OK when ready to scan again")
_RunDOS("DIR c:\ /s /b > " & $tempfile2)

GuiCreate("MyGUI", 392, 239)

$edit1 = GuiCtrlCreateEdit("", 10, 30, 370, 80, $WS_VSCROLL)
$edit2 = GuiCtrlCreateEdit("", 10, 150, 370, 80, $WS_VSCROLL)
$count1 = GuiCtrlCreateLabel("", 10, 10, 90, 20)
$count2 = GuiCtrlCreateLabel("", 10, 130, 100, 20)

GuiSetState()
While 1
    $file1 = FileReadLine ($tempfile1, $line1)
    If @error = -1 Then $file1 = ""
    $file2 = FileReadLine ($tempfile2, $line2)
    If @error = -1 Then ExitLoop
;SplashTextOn ( "comparing", $line1 & @LF & $file1 & @LF & @LF & $line2 & @LF & $file2, 500, 250)
    GUICtrlSetData ( $edit1, $file1)
    GUICtrlSetData ( $edit2, $file2)
    GUICtrlSetData ( $count1, $line1)
    GUICtrlSetData ( $count2, $line2)

    If $file2 = $file1 Then
        $line1 += 1
        $line2 += 1
    Else
        If $file2 <> $tempfile2 Then FileWrite($tempfile3, $file2 & @CRLF)
        $line2 += 1
    EndIf
Wend
Exit

After running the command REGEDIT /E c:\reg.txt

and after studying the reg.txt

i found that trace of uninstalled programs remain in the Registry :

with a biginning like this .....

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

my question is :

Can i easy remove them competely with the compare featured with the autoscript

which is featured here ..... without reediting the Regisry manually ?

Secondly , when you remove the difference of files ....How can you avoid deleting

which is not to be deleted ?

thanks ....